COVID app tool accepted to prestigious software engineering conference

The COVIDGuardian tool, an automated security and privacy assessment tool that tests contact tracing apps for security weaknesses, has been accepted to the International Conference on Software Engineering (ICSE) 2021.

The tool can be used to detect malware, embedded trackers, and private information leakage in COVID tracing apps.

Developed by a team which includes Ruoxi Sun, Zach Wang, Jason Xue and Damith C. Ranasinghe from the University of Adelaide’s School of Computer Science, COVIDGuardian outperformed four state-of-the-practice industrial and open-source tools.

“Using COVIDGuardian we identify that approximately 75 per cent of apps contain at least one tracker, potentially causing privacy violations such as leaks that lead to exposing personal identification information (PII) to third parties,” said the University of Adelaide’s Dr Jason Xue who will be presenting the team’s findings at the ICSE.

More than 50 per cent of apps tested were found to pose potential security risks and over 40 per cent of apps posed security risks through manifest weaknesses.

Full details of the efficacy of COVIDGuardian will be presented to the ICSE conference in May.